Sjtjuka
2008-03-10, 01:02
Hi, my girlfriend brought me a memory stick which a McAfee scan indicated had a virus. I had a closer look at her machine to find the root of the problem, and the Kaspersky log indicates 2 viruses. Kaspersky and HJT logs are posted below. Once her machine is fixed I will start a new thread with scans of my own machine, just to make sure it was not infected. Please feel free to recommend any preventive measures she may need to take. Thank you very much.
Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 7:53:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 618217
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 41019
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:07:06
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator.DYER-2FP1B6RBFQ.002\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator.DYER-2FP1B6RBFQ.002\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator.DYER-FDC1FB623A\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator.DYER-FDC1FB623A\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\ntuser.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\dyer(2).DYER-2FP1B6RBFQ\ntuser.dat Object is locked skipped
C:\Documents and Settings\dyer(2).DYER-2FP1B6RBFQ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe/WISE0037.BIN Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\ntuser.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\dyer.DYER-4B9JBIX9M9\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\dyer.DYER-4B9JBIX9M9\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\call256.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\callmember256.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\chat512.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\chatmsg8192.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\index2.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\profile16384.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\transfer256.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\transfer512.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\user1024.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\user16384.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Application Data\Skype\charlotte.dyer1\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\Preview-T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Local Settings\Geschiedenis\History.IE5\MSHist012008030920080310\index.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\dyer.DYER-J57WV4Q5F4\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\dyer.DYER-J57WV4Q5F4\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.002\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.002\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.002\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.002\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010003.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A62F9B41-A875-430E-BFCF-73F677A72549}\RP347\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4E2FF8AE-9BD4-4E6E-8B39-D14F2D2B21AE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
and HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:15, on 9/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB003" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Kopie 1)" /O6 "USB003" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159443478649
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159447154453
O16 - DPF: {BE34B056-7135-49B5-B750-238164858FD7} (EBookXP Control) - http://mview.nsumbiz.com/eMagazineCab/m4tools.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 5349 bytes
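An added triage helper, not part of the original post or of Kaspersky's tooling: the online scanner report above is mostly "Object is locked skipped" noise from registry hives, event logs and Skype databases, and only four lines carry real detections. The script below parses that report layout, separates locked-object noise from detections, groups hits by detection name, flags Kaspersky's "not-a-virus:" riskware class (the dialer inside fowsetup.exe) separately from the Trojan-Downloader hits, and cross-checks the parsed lines against the report's own summary counts. The sample report embedded in the block is a constructed excerpt in the same layout as the posted log; the rule that a flagged container line (the "WiseSFX: infected - 1" entry) counts as one infected object is inferred from the posted counts (3 Infected lines + 1 container = 4) and is labelled as an assumption in the code.

```python
"""Triage a Kaspersky Online Scanner 5.x report: separate real detections from
'Object is locked skipped' noise and verify the report's summary counts."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the layout of the posted report (not the full log).
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 41019
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe/WISE0037.BIN Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Documents and Settings\dyer.DYER-2FP1B6RBFQ\Bureaublad\old documents\Mijn documenten\Mongsky\fowsetup.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\Preview-T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\dyer.DYER-FDC1FB623A\Incomplete\T-4183160-03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

LOCKED_SUFFIX = " Object is locked skipped"
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
# Container line written for an archive/installer whose member was flagged.
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<packer>\S+): infected - (?P<count>\d+) (?P<action>\S+)$")
SUMMARY_RE = re.compile(
    r"^(?P<key>Total number of scanned objects|Number of viruses found|"
    r"Number of infected objects|Number of suspicious objects): (?P<value>\d+)$")


@dataclass
class Detection:
    path: str
    name: str
    action: str
    riskware: bool            # Kaspersky's "not-a-virus:" class (dialers, adware, tools)
    container: Optional[str]  # enclosing archive/installer when the hit is a nested member


def parse_report(text):
    """Return (summary, locked_paths, detections, containers) from report text."""
    summary, locked, detections, containers = {}, [], [], []
    for line in text.splitlines():
        line = line.rstrip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["key"]] = int(m["value"])
            continue
        if line.endswith(LOCKED_SUFFIX):  # in-use file the scanner could not open
            locked.append(line[: -len(LOCKED_SUFFIX)])
            continue
        m = INFECTED_RE.match(line)
        if m:
            path = m["path"]
            # Windows paths use backslashes; a forward slash marks <archive>/<member>.
            container = path.split("/", 1)[0] if "/" in path else None
            detections.append(Detection(path, m["name"], m["action"],
                                        m["name"].startswith("not-a-virus:"), container))
            continue
        m = CONTAINER_RE.match(line)
        if m:
            containers.append((m["path"], m["packer"], int(m["count"]), m["action"]))
    return summary, locked, detections, containers


def triage(text):
    """Group detections by name and check them against the report's own totals."""
    summary, locked, detections, containers = parse_report(text)
    by_name = defaultdict(list)
    for d in detections:
        by_name[d.name].append(d.path)
    # Assumption (matches the posted totals): each member hit plus each flagged
    # container line is one "infected object" in the scanner's count.
    infected_objects = len(detections) + len(containers)
    # The online scanner only reports; "skipped" means nothing was cleaned.
    untreated = [d.path for d in detections if d.action == "skipped"]
    return {
        "by_name": dict(by_name),
        "viruses_found": len(by_name),
        "infected_objects": infected_objects,
        "riskware_only": [n for n in by_name if n.startswith("not-a-virus:")],
        "locked_count": len(locked),
        "counts_match": (summary.get("Number of viruses found") == len(by_name)
                         and summary.get("Number of infected objects") == infected_objects),
        "untreated": untreated,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, paths in result["by_name"].items():
        print(f"{name}: {len(paths)} object(s)")
    print("summary counts consistent:", result["counts_match"])
```

Run it on a saved report with `triage(open("kaspersky.txt").read())`; a mismatch in `counts_match` usually means a detection line uses a layout the two patterns above do not cover, which is worth a manual look rather than a silent skip. Every hit in the posted log is "skipped", so the Wimad.l downloader files in the Incomplete folder and the dialer installer are still on disk after this scan.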